Enabling productivity, interoperability, and new end user experiences by integrating people,
advertisement
International Telecommunication Union ITU-T Enabling productivity, interoperability, and new end user experiences by integrating people, identity, profile, and relationship data Anthony Nadalin Chief Security Architect, IBM ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 Why Focus on Optimizing Around People??? ITU-T The relative cost of humans to technology resources has made humans the most expensive component of the system. Our focus remains on optimizing the efficiency of the system. 80% of Knowledge Not in Any System People's Heads Unstructured Structured (declarative/facts) Source: Giga 2002 100 100000000 10000000 80 1000000 Cost 100000 60 10000 40 1000 100 20 10 1 1969 1974 1979 1984 1989 1994 1999 0 Year $/MFLOP $/Person Month Organizational Knowledge Expon. ($/Person Month) Expon. ($/MFLOP) 80% of Formal IT budget spent on managing 4% of data, information and knowledge ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 2 2 The Evolution of Integration of Information About People ITU-T Concurrent Sequential Visually Coordinated 1970’s 1985 ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 2000 3 Trends: People and Information About Them ITU-T o Productivity is achieved through the integration of o o o o people with business processes Information about people in the enterprise is abundant and growing in richness and volume Information is scattered and not integrated A federated, digital representation will emerge Maintaining privacy of appropriate user information is key ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 4 New Framework Enhances Identity Management ITU-T An Eclipse open source project supported by IBM, Novell, Parity, and others that will: • Provide a foundation for "user-centric identity" and personal information management applications Enable dynamic, automatic capture of people information from disparate information repositories Ema i or I l M C s om of m In un te iti re e st ites YOU l Virtua es Spac Ease management of identity, profile, reputation and relationship data across repositories We bs e ris rp te ps En Ap Facilitate integration with diverse identity management systems ists dy L Bud Higgins Trust Framework ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 5 For Developers: Identity Tooling ITU-T o Identity management framework o Saves developer from learning the details of multiple identity systems o Only one API to learn o Relies on plug-ins to support major protocols and technologies: CardSpace ™, OpenID, RSS-H, XRI, LDAP, etc. ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 6 For End Users: Capabilities ITU-T User-centric authentication o Provides a consistent user experience o User picks from a selection of visual “i-cards” o Privacy-enabled claims to share only what is needed (and protect private information) Personal information integration o Remembers passwords, fills in forms o Links and syncs your info across silos o Gives more control over your personal data ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 7 For End Users: An Identity Metasystem ITU-T o Higgins provides an Identity Attribute Service to aggregate and federate information across systems and silos o Its abstract data model can accommodate multiple heterogeneous identity systems o Context Providers reflect identities and attributives relevant to those contexts ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 8 For End Users: Enabling Privacy ITU-T Manage private information o Need to access consistent view of their data, metadata Share and control access to private information o Attach (privacy, access) policies at record (e.g. medical records) or attribute (e.g., salary) level Present information on an “as needed” basis o Transform attributes (e.g., bank balance = $100k), to claims (e.g., bank balance > $20K) as required o Relying party only trusts the originating entity (e.g., bank) and does not need to trust the transforming intermediary ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 9 For the Enterprise ITU-T o Integrate identity, profile, reputation, and relationship information across and among complex enterprises o Create common interfaces to identity and networking systems o Support advanced process automation by providing “data context” ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 10 For the Enterprise: Enabling Privacy ITU-T o Enterprise privacy policies o o o o • Necessary but not sufficient to enforce corporate policies through enterprise systems Meet scaling requirements • Empower users to control more of their private information • Empowering does not imply users can override all policies Consumer and employee satisfaction Ultimately privacy is about the user So let’s give the user some control ! ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 11 Summary ITU-T o User-centric identity • Fundamental goal (improve user control) and approach (framework + metaphor) • EU PRIME, Microsoft CardSpace, Eclipse Higgins, … o Current discussion is too limited, and bears risk of over-simplification 1. Identity disclosures happen in many types of transactions — Discussion focuses on user-controlled disclosures — But most privacy-relevant transactions happen without any user involvement — Extending user control to such transactions requires specific technology and trust — Reputation and accountability are very much intertwined with privacy 2. An identity metasystem / framework is an important concept, but it only manages other systems — Privacy depends largely on these systems, not primarily on the metasystem 3. Agreement on “laws” does not automatically lead to open standards. — Standards needed: interoperability of metasystems + minimum req. for actual systems — Needs an open process, leading to open, stable and freely usable standards — Candidate projects exists, e.g., Project Higgins ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006 What is needed? ITU-T Context-adequate metaphors for identity and standard policies Open Standards Framework for the integration of identity, profile and relationship data Cryptographic implementations supporting privacy, authenticity and accountability ITU-T Workshop on “Digital Identity for NGN“ Geneva, 5 December 2006
